1. Field of the Invention
The present invention relates generally to electronic documents, and more particularly, to a system and method for document-driven processing of digitally-signed, electronic documents.
2. Identification of Copyright
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
E-commerce is rapidly becoming the watchword for businesses in the next millennium. The appeal of a completely paperless transaction is obvious: reduced storage costs; instant global access to transaction data; and the merging, filtering, and mining of data. Not only will businesses benefit from paperless transactions, but also a number of other institutions, such as courts and government agencies.
A few problems need to be addressed, however, before widespread acceptance of paperless transactions is possible. First, there is a need for a system that provides a high degree of trust in electronic documents. In other words, there is a need for a system that authenticates and prevents the repudiation of electronic documents. Second, there is a need for a flexible, efficient, and auditable system for creating and processing trusted electronic documents.
The problem of establishing trust in electronic information is largely cultural. Despite the widespread use of computers, the United States is still very much a paper-based society. Many people tend to trust paper documents, while distrusting the same information stored in a computer. Similarly, many people tend to respect such traditional indicia of authenticity and non-repudiation as handwritten signatures, official seals, and the like. As a result, while growing numbers of people are willing to buy books, flowers, or Furbies™ over the Internet, they are not willing to use the same medium to buy a car, a house, or a company.
Only recently has the technical and legal framework been established for providing the same kind of trust in electronic documents. The technical framework has emerged as a result of recent advances in cryptography, such as public key cryptography and digital signatures. The legal framework has developed through such legislative reform as the Utah Digital Signature Act, which was the first legislative initiative to give clear legal recognition to digital signatures.
As noted above, the key technical framework for establishing trust in electronic information is cryptography, i.e. the science of protecting information by transforming it into an unreadable format by means of a mathematical formula. There are two basic types of cryptography: symmetric and asymmetric. In symmetric key cryptography, both the sender and receiver of a message use the same secret key, i.e. a number or code used for scrambling or unscrambling information. The sender uses the secret key to encrypt the message and the receiver uses the same secret key to decrypt the message.
The difficulty arises, however, when the sender and receiver attempt to agree on the secret key without anyone else finding out. For example, if the sender and receiver are in separate physical locations, they must trust a courier, a telephone system, or some other transmission medium to prevent the disclosure of the secret key. Anyone who overhears or intercepts the key in transit can later read, modify, and forge all messages encrypted or authenticated with that key. Thus, symmetric key encryption systems present a difficult problem of key management.
The other type of cryptography, asymmetric or "public key" cryptography, was developed as a solution to the key management problem. In public key cryptography, two keys are used: a public key and a private key. The user publishes his public key to the world, while keeping the corresponding private key secret. Although the public and private keys are mathematically related, neither can be feasibly derived from the other.
To send a private message using public key cryptography, a message is encrypted using the recipient's public key, which is freely available, and is decrypted by the recipient using his private key, which only he knows. Thus, the need for the sender and recipient to share secret information is eliminated. A sender only needs to know the recipient's public key, and no private keys are ever transmitted or shared.
Public key cryptography offers another crucial advantage over symmetric key cryptography: a framework for creating digital signatures. One of the significant problems with cryptographic communications is determining whether an encrypted message was forged (i.e. falsely attributed to another person) or tampered with during transmission. As noted above, if a symmetric key is lost or stolen, any person in possession of the key can forge messages or modify legitimate messages.
Using public key cryptography, however, a sender can digitally "sign" a message using the sender's private key. This process involves calculating a message digest, i.e. a number that represents a summary of the entire message, and encrypting the message digest with the sender's private key. The message digest is calculated using a one-way hash function such that any change to the message will result in a different calculated message digest. While it would be possible to encrypt the entire message, it would typically be too expensive in terms of time and computing resources. Consequently, for non-private communications, encrypting just the message digest is preferable.
When the message is received, the recipient uses the sender's known public key to decrypt the message digest, thereby proving that the message was not forged, since only the sender could have encrypted the message digest with the corresponding private key. Thereafter, the recipient calculates a new message digest for the message and compares it with the original message digest. If the digests match, the message was not tampered with during transmission.
In the legal and commercial contexts, a digital signature can fulfill the same requirements of identity authentication and non-repudiation as a handwritten signature. First, the digital signature may be used to identify the sender of a message. Second, because only the sender knows his private key, it is impossible for the sender to repudiate a document signed using his private key. This fact makes it possible for digitally-signed agreements to become legally binding. In addition, unlike a handwritten signature, a digital signature can protect the integrity of the document by indicating whether the document was modified since it was signed.
Even with the availability of digital signature technology, a second problem that needs to be addressed in order to ensure widespread acceptance of paperless transactions is the development of a flexible, efficient, and auditable system for creating and processing trusted electronic documents. Unfortunately, conventional approaches have numerous drawbacks.
For example, a traditional model for creating and processing electronic information is as follows:
Paper Document → Sign → Courier → File Clerk → DBMS.
In other words, a paper document is signed and then sent by a courier, such as UPS, to a file clerk. The file clerk inputs various data from the paper document into a Database Management System (DBMS), which allows the data to be processed and displayed for a variety of purposes.
Unfortunately, such a model has several drawbacks. First, it is not very flexible. Once a typical DBMS schema is created, it is difficult to update or modify in order to accommodate the changing needs of its users. Moreover, each client computer that accesses the DBMS must be programmed with the same database schema and use compatible database software. This requires a high degree of uniformity and compatibility among the components of the system.
A second problem with the model is that it is not very efficient. For example, the essential elements of the paper document must be re-entered by the file clerk, resulting in duplication of effort. Moreover, sending the paper document via the courier requires significant time and expense. In addition, human file clerks are prone to typographical errors, making the resulting database untrustworthy. Consequently, for important documents, it is necessary to retain the paper original for future verification, resulting in increased storage costs.
A third problem with the model is that it is difficult to audit. In other words, it is difficult to track who has accessed or modified the electronic information. Most database systems do not track every access and modification to the stored data. Even if such tracking were available, however, it would be extremely difficult to incorporate digital signature technology into the system. The data entered from the original paper document is distributed throughout various tables in the DBMS, making it infeasible to digitally "sign" a complete document.
A second conventional model for creating and processing electronic information is as follows:
Paper document → Sign → Fax → File Clerk → DBMS.
This model is only slightly better than its predecessor because the courier is replaced by a facsimile machine. However, a facsimile transmission often distorts the image of the paper document, making it difficult to read by the file clerk and thereby increasing the chance of transcription errors. Additionally, the digitization process often makes verification of signatures difficult.
A third, more recent, model for creating and processing electronic information is as follows:
PDF/WP document → Digitally Sign → E-mail → File Clerk → DBMS.
In other words, a PDF (Adobe Systems(copyright) format) or word processing document is digitally signed using, for example, a public key cryptosystem. Thereafter, the document is sent by e-mail to the file clerk who inputs various data from the document into the DBMS.
This model is superior to the facsimile approach for a number of reasons. First, the document may be legibly printed or viewed by the file clerk, increasing the reliability of transcription. Additionally, the digital signature prevents modification of the document during transmission. Moreover, the PDF or word processing document may be directly stored within the DBMS, eliminating the need for retaining the paper original.
Despite these advantages, the file clerk may still make typographical errors, resulting in the information being incorrectly stored or indexed. Moreover, there is still the problem of inefficiency. The file clerk must retype essential data contained within the document, resulting in duplication of effort.
A fourth, more recent, model for creating and processing electronic information is as follows:
PDF/WP → Digitally Sign + EDI Header → E-mail → EDI → DBMS.
In this model, the PDF or word processing document is digitally signed and then appended to an Electronic Data Interchange (EDI) header. EDI is a common standard used for transferring data between different companies using networks, such as the Internet. ANSI has approved a set of EDI standards known as the X12 standards.
EDI is advantageous because it eliminates the need for the filing clerk. The EDI process automatically reads the EDI header and inputs relevant data directly into the DBMS. Additionally, the document may be automatically stored in the database for future reference or verification.
Nevertheless, this model still has many of the disadvantages of its predecessors. For example, the model is still not very efficient. The EDI header duplicates much of the information that is contained within the document. This "double coding" of information wastes storage space and can result in a document being misfiled if the EDI header information is incorrect.
Additionally, the model is still not very flexible. Typical EDI systems are hard-coded at both the client and server level to communicate with a particular DBMS. Thus, there is still the problem of upgradeability and the requirement for substantially uniform and compatible system components. Additionally, these systems are typically limited to displaying the entire document or nothing. This is a disadvantage when the document contains both public and private information, as in court documents and the like. People with a valid interest in the public data are typically barred from access by conventional systems in order to preserve the privacy of the private data.
There are also significant problems with incorporating digital signatures into EDI-based systems. Although a digital signature could be attached to the entire PDF or word processing document, it would typically be impossible to attach digital signatures to different portions of the document, such as where different people need to sign in different locations. Also, there are no defined mechanisms in EDI for auditing the modifications to, and the digital signing of, electronic documents.
Accordingly, what is needed is a system and method for providing a high degree of trust in electronic documents. What is also needed is a flexible, efficient, and auditable system and method for creating and processing trusted electronic documents. What is additionally needed is a digital signature system and method in which different people can digitally sign different portions of the electronic document. Moreover, what is needed is a digital signature system and method in which each person can sign the document in a particular role or capacity, each role or capacity corresponding to a specified portion of the electronic document. In addition, what is needed is an electronic document format including delimiters for indicating portions of the document to be signed by a person in a particular role or capacity. What is also needed is a system and method for specifying the order in which the document is to be signed by a plurality of signers. Moreover, what is needed is a document-driven system and method for processing electronic documents encoded with processing instructions. What is additionally needed is an electronic document format including processing instructions for indicating how the document is to be processed. What is needed is a document processing system including a plurality of processing services for executing the processing instructions.
The present invention solves the foregoing problems by providing a system and method for document-driven processing of digitally-signed, electronic documents. One aspect of the invention is a computer-implemented method for digitally signing an electronic document by a plurality of signers, wherein each signer has a signing role and a unique private key for applying a digital signature, each signing role corresponds to a to-be-signed portion of the document, and at least two signing roles correspond to different to-be-signed portions. The method includes the steps of determining the signing role of each signer; identifying the to-be-signed portion of the document corresponding to the signing role of each signer; receiving an indication from each signer to digitally sign the document; and applying the digital signature of each signer to the corresponding to-be-signed portion in response to the indication from each signer.
In another aspect of the invention, the document includes a signing order for indicating an order in which the document is to be signed by the plurality of signers, the method including the steps of determining a signing role of a signer; determining whether the signer is signing in the indicated order; when the signer is signing in the indicated order, identifying the to-be-signed portion of the document corresponding to the role of the signer, receiving an indication from the signer to digitally sign the document, and applying the digital signature of the signer to the corresponding to-be-signed portion.
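The following Go program is an added illustration, not code from the patent: it models the role-based signing and signing-order checks of the two preceding paragraphs, applying the hash-then-sign scheme from the digital signature discussion above to each to-be-signed portion separately rather than to the whole document. The Document layout, the role and portion names, the use of Ed25519 keys, and the buyer/seller sample are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Document is a constructed stand-in for the delimited format the text
// describes: each signing role owns one portion, RoleKeys holds the public
// key authorised for each role, and Order is the required signing sequence.
type Document struct {
	Portions map[string]string            // role -> the portion it must sign
	RoleKeys map[string]ed25519.PublicKey // role -> authorised public key
	Order    []string                     // roles in required signing order
	Sigs     map[string][]byte            // role -> signature over its portion
}

// portionDigest hashes only the portion a role is responsible for, binding
// the role name so the signature cannot be reattached to another portion.
func (d *Document) portionDigest(role string) []byte {
	h := sha256.Sum256([]byte(role + "\x00" + d.Portions[role]))
	return h[:]
}

// Sign applies a signer's signature to the portion for its role, refusing
// a signer whose role is not the next one in the indicated order.
func (d *Document) Sign(role string, priv ed25519.PrivateKey) error {
	if n := len(d.Sigs); n >= len(d.Order) || d.Order[n] != role {
		return fmt.Errorf("role %q is not next in the signing order", role)
	}
	d.Sigs[role] = ed25519.Sign(priv, d.portionDigest(role))
	return nil
}

// Verify re-derives every portion digest and checks it under the key
// authorised for the role, so a missing signer, a signer using another
// role's key, or an edit to a portion after signing is detected.
func (d *Document) Verify() error {
	for _, role := range d.Order {
		pub, ok := d.RoleKeys[role]
		if !ok || !ed25519.Verify(pub, d.portionDigest(role), d.Sigs[role]) {
			return fmt.Errorf("no valid signature for role %q", role)
		}
	}
	return nil
}

// SampleDocument builds a constructed two-party agreement: the buyer signs
// the offer portion first, then the seller signs the acceptance portion.
func SampleDocument() (*Document, map[string]ed25519.PrivateKey) {
	d := &Document{
		Portions: map[string]string{"buyer": "Offer: $100 for lot 7", "seller": "Accepted as offered"},
		RoleKeys: map[string]ed25519.PublicKey{},
		Order:    []string{"buyer", "seller"},
		Sigs:     map[string][]byte{},
	}
	priv := map[string]ed25519.PrivateKey{}
	for _, role := range d.Order {
		d.RoleKeys[role], priv[role], _ = ed25519.GenerateKey(rand.Reader)
	}
	return d, priv
}
```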
Yet another aspect of the invention is a computer-implemented method for processing electronic documents, wherein each document comprises a data portion and a processing portion, the processing portion comprising at least one processing instruction. The method includes the steps of receiving a document at a document processing station, the document processing station having a unique private key for applying a digital signature to the document; reading a processing instruction from the processing portion of the document; identifying a processing service within the document processing station for executing the processing instruction; executing the processing instruction at the document processing station using the identified processing service; and applying the digital signature of the document processing station to the document after the processing instruction is executed.
Still another aspect of the invention is a computer-implemented method for processing electronic documents in the context of a plurality of document processing stations, wherein each document comprises a data portion and a processing portion, the processing portion comprises at least one processing instruction, and each document processing station has a unique private key for applying a digital signature. The method includes the steps of receiving a document at a first document processing station; reading a processing instruction from the processing portion of the document; identifying a processing service for executing the processing instruction; determining whether the identified service is available within the first document processing station; in response to the identified service not being available within the first document processing station, locating a second document processing station in which the identified service is available; sending the document to the second document processing station; executing the processing instruction at the second document processing station using the identified processing service; and applying the digital signature of the second document processing station to the document after the processing instruction is executed.
Another aspect of the invention is a system for digitally signing an electronic document by a plurality of signers, wherein each signer has a signing role and a unique private key for applying a digital signature, each signing role corresponds to a to-be-signed portion of the document, and at least two signing roles correspond to different to-be-signed portions. The system comprises a signing role identifier for identifying the signing role of each signer; a parser, coupled to the signing role identifier, for parsing the document to identify the to-be-signed portion of the document corresponding to the signing role of each signer; and a signing module, coupled to the parser, for applying the digital signature of each signer to the corresponding to-be-signed portion in response to receiving an indication to sign from each signer.
In yet another aspect of the invention, a system for processing electronic documents includes at least one document processing station, each document processing station comprising a computer-readable medium for storing an electronic document, the document comprising a data portion and a processing portion, the processing portion comprising at least one processing instruction; a parser, coupled to the computer-readable medium, for reading a processing instruction from the processing portion of the document and identifying a processing service for executing the processing instruction; at least one processing service, coupled to the parser, for executing the processing instruction; and a signing module, coupled to the processing service, for applying the digital signature of the document processing station to the document after the processing instruction is executed.
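As an added sketch, not code from the patent, the Go program below models the document processing station described in the processing-related aspects above: a station reads each processing instruction from the processing portion, executes it with a local service or sends the document to a peer station that offers the service, and the station that executed it applies its signature, building an audit trail that records who did what and the state of the data portion afterwards. The Document, Entry and Station types, the Ed25519 keys, the "upper" and "stamp" services and the two sample stations are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Document is a constructed stand-in for the format the text describes: a data
// portion, a processing portion (Instructions) and an audit trail with one signed
// Entry per executed instruction, so len(Trail) indexes the next instruction.
type Document struct{ Data string; Instructions []string; Trail []Entry }
func (d *Document) digest() []byte { h := sha256.Sum256([]byte(d.Data)); return h[:] }

// Entry binds the executing station, the instruction and the digest of the data
// portion afterwards; Sig is that station's signature over those three fields.
type Entry struct{ Station, Instr string; Digest, Sig []byte }
func (e Entry) tbs() []byte { return []byte(e.Station + "\x00" + e.Instr + "\x00" + string(e.Digest)) }

// VerifiedBy reports whether pub, the key an auditor trusts for the named station,
// produced Sig over this entry; any edit to the entry or the data makes it false.
func (e Entry) VerifiedBy(pub ed25519.PublicKey) bool { return ed25519.Verify(pub, e.tbs(), e.Sig) }

// Station holds a private key, the services it offers, and peer stations to which
// it sends a document whose next instruction names a service it lacks.
type Station struct{ Name string; Priv ed25519.PrivateKey; Services map[string]func(string) string; Peers []*Station }
func (s *Station) Pub() ed25519.PublicKey { return s.Priv.Public().(ed25519.PublicKey) }

// Process executes each remaining instruction locally or at the first peer that
// offers the service; the station that executes it signs an Entry.
func (s *Station) Process(d *Document) error {
	for len(d.Trail) < len(d.Instructions) {
		instr := d.Instructions[len(d.Trail)]
		svc, ok := s.Services[instr]
		if !ok {
			for _, p := range s.Peers {
				if _, ok := p.Services[instr]; ok {
					return p.Process(d) // send the document to the second station
				}
			}
			return fmt.Errorf("no station offers service %q", instr)
		}
		d.Data = svc(d.Data)
		e := Entry{s.Name, instr, d.digest(), nil}
		e.Sig = ed25519.Sign(s.Priv, e.tbs())
		d.Trail = append(d.Trail, e)
	}
	return nil
}

// SampleStations builds constructed peers A (offers "upper") and B (offers "stamp"),
// so a document whose processing portion names both is signed by both stations.
func SampleStations() (a, b *Station) {
	_, ka, _ := ed25519.GenerateKey(rand.Reader)
	_, kb, _ := ed25519.GenerateKey(rand.Reader)
	a = &Station{"A", ka, map[string]func(string) string{"upper": strings.ToUpper}, nil}
	b = &Station{"B", kb, map[string]func(string) string{"stamp": func(s string) string { return s + " [filed by B]" }}, []*Station{a}}
	a.Peers = []*Station{b}
	return a, b
}
```

An auditor holding each station's public key checks every trail entry with VerifiedBy and compares the last entry's Digest with the current data portion, which exposes both a forged entry and a data edit made after the last station signed.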